TL;DR: Account takeover attacks have risen 330% since 2022, and Arkose Labs says its detection stack uses over 175 risk assessment signals, adaptive challenges, and mitigation logic to reduce unauthorized access and fraud impact. The deeper lesson is that ATO defense now hinges on dynamic risk response, not static login controls.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Account takeover attacks have increased by 330% since 2022.
- Arkose Labs says its global intelligence network contains over 175 risk assessment signals.
- The company says 99% good user throughput is achievable with its approach.
Questions worth separating out
Q: How should security teams reduce account takeover risk without hurting user experience?
A: Use adaptive controls that step up only when session risk rises.
Q: Why do stolen credentials still lead to account takeover in mature environments?
A: Because authentication alone does not prove intent or legitimacy.
Q: What do teams get wrong about bot detection in account takeover defence?
A: They often treat bot detection as a perimeter filter instead of part of identity governance.
Practitioner guidance
- Instrument login flows with layered risk signals Combine device reputation, behavioural anomalies, session context, and velocity checks so that a single weak indicator does not drive the decision.
- Define challenge thresholds by business flow Apply stronger friction to high-value actions such as password reset, payment changes, or profile recovery, while keeping routine logins as low-friction as possible.
- Connect ATO signals to fraud and access response Route high-risk login outcomes to the teams that can act on them, including fraud operations, customer support, and access governance.
What's in the full announcement
Arkose Labs' full analysis covers the operational detail this post intentionally leaves for the source:
- The specific risk signal categories behind account takeover scoring and how they are weighted in practice
- The mitigation workflow that turns suspicious sessions into allow, challenge, or deny decisions
- Customer story detail on intervention reduction and fraud impact across different industries
- The implementation patterns for integrating bot detection with downstream fraud and support operations
👉 Read Arkose Labs’ analysis of account takeover detection and mitigation →
Account takeover attacks: are adaptive controls keeping up?
Explore further
ATO defense is now an identity governance problem, not just a fraud control problem. Attackers do not need to break authentication if they can industrialise login abuse, replay credentials, and blend into legitimate user traffic. That makes account takeover a cross-functional issue spanning IAM, fraud, and customer experience. Practitioners should treat login risk as a governance boundary, not only a security event.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented any policies to govern AI agents, even though 92% say governing them is critical to enterprise security.
A question worth separating out:
Q: How do you know if account takeover controls are actually working?
A: Look for reduced successful takeovers, lower fraud losses, and preserved good-user throughput at the same time. If false positives rise sharply or attackers simply shift tactics while account compromise stays flat, the control is creating friction without changing outcomes.
👉 Read our full editorial: Account takeover defense depends on adaptive bot and risk signals